1. Field of the Invention
The present invention relates to an information processing apparatus, an information recording medium, an information processing method and a computer program. More particularly, the present invention relates to an information processing apparatus, an information recording medium, an information processing method and a computer program, all enabling information delivery setting various subsets in an information delivering configuration to which a tree structure is applied, namely setting various types of subsets defining a set of information processing apparatuses as user devices, and all enabling the selection of a cryptogram such that the information processing apparatus can efficiently decode themselves by the apparatuses.
2. Description of the Related Art
Recently, various kinds of software data such as audio data of music and the like, image data of movies and the like, game programs and various application programs (hereinafter these are referred to as contents) have been circulated through networks such as the Internet, or through various information processing apparatus such as information recording media including compact discs (CD's), digital versatile disks (DVD's), mini disks (MD's). These circulating contents are reproduced and used by a reproducing apparatus such as a personal computer (PC), a CD player, a DVD player and an MD player, which are owned by users, or game equipment.
The rights of distribution or the like of many contents such as music data and image data are generally held by their creators or their distributors. Consequently, at the time of the distribution of these contents, a configuration for setting certain restricted access is generally adopted, that is to say, only the authorized users are permitted to use the contents for preventing unauthorized duplication or the like.
In particular, in recent years, recording devices and storage media for recording information digitally have been being popularized. By means of such digital recording devices and storage media, for example, it is possible to repeat recording and reproducing without deteriorating images and sounds, and problems of the distribution of fraudulently copied contents through the Internet, and of the unauthorized copying of recording media such as a compact disc-recordable (CD-R) are generated.
As a method for preventing such unauthorized use of contents, there is a system in which a key for decoding contents or encrypted contents is enciphered to be distributed for enabling only the specific authorized users or the authorized devices to decode the distributed data. For example, a configuration adopting a hierarchical tree structure being an embodiment of a broadcast encryption method is known.
Encryption data supplying processing of encryption keys and the like using a hierarchical tree structure is described by referring to the attached drawings.
A hierarchical tree structure shown in FIG. 1 uses a binary tree. The undermost layer of the binary tree is called as a leaf, and each of portions including an apex, each branch portion and the leaf is called as a node. Incidentally, the apex is called as a root or a root node. In the binary tree hierarchical tree structure shown in FIG. 1, the leaves are denoted by 8-15, and the nodes are denoted by 1-15, and further the root is denoted by 1.
Information processing apparatus such as a reproducer and a receiver as content utilization equipment are assigned to the leaves 8-15 in the binary tree hierarchical tree structure one by one.
Moreover, a node key is assigned to each of the nodes (including the leaves) 1-15 of the tree one by one. The node keys assigned to the leaves 8-15 are sometimes called as leaf keys.
Node keys assigned to the nodes existing on a path from a leaf to the root are severally given to the information processing apparatus corresponding to the leaf. In the configuration of FIG. 1, there are eight information processing apparatus assigned to the leaves 8-15 severally, and a node key is assigned from the node 1-15. Four node keys assigned to the nodes 1, 2, 4 and 8 are given to an information processing apparatus 101 corresponding to the leaf 8. Moreover, four node keys assigned to the nodes 1, 3, 6 and 12 are given to an information processing apparatus 102 corresponding to the leaf 12. Each information processing apparatus safely takes custody of these node keys.
A method for transmitting the information which only a selected information processing apparatus can obtain by means of the setting including the distribution processing of the node keys is described by referring to FIG. 2. For example, a configuration is supposed. In the configuration, a content such as specific music and image data enciphered to be an encrypted content is circulated in a state obtainable by everybody by means of a broadcast distribution or a recording medium such as a DVD storing the content, and a key (content key Kc) for decoding the encrypted content is provided only to a specific user, i.e. a user or an information processing apparatus having an authorized right of using the content.
It is supposed that an information processing apparatus assigned to the leaf 14 shown in FIG. 2 is excluded (revoked) as an unauthorized apparatus, and that the other information processing apparatus are authorized information processing apparatus. In this case, a cryptogram by which the information processing apparatus assigned to the leaf 14 cannot obtain the content key Kc, but by which the other information processing apparatus can obtain the content key Kc, is generated, and the cryptogram is distributed through a network or by means of a recording medium storing the cryptogram.
In this case, the content key may be enciphered to be transmitted by the use of the node keys owned jointly by as much information processing apparatus as possible among the node keys other than the ones (denoted by mark x in FIG. 2) owned by the information processing apparatus to be revoked (excluded), namely the node keys located at the upper par of the tree.
In the example shown in FIG. 2, the node keys at the nodes 2, 6 and 15 are used for the enciphering of the content key Kc to generate a set of cryptograms to be provided. Namely, cryptograms of E(NK2, Kc), E(NK6, Kc) and E(NK15, Kc) are generated, and are provided by being distributed through a network or being stored in a recording medium. E(A, B) denotes data B enciphered by a key A. Moreover, NKn denotes a nth node key shown in the drawing. Consequently, the above formulae indicate a set of three cryptograms including the encryption data E(NK2, Kc) produced by the encryption of the content key Kc by means of a node key NK2, the encryption data E(NK6, Kc) produced by the encryption of the content key Kc by means of a node key NK6, and the encryption data E(NK15, Kc) produced by the encryption of the content key Kc by means of a node key NK15.
If the three cryptograms are produced to be transmitted to all of the information processing apparatus through, for example, a broadcast communication path, the information processing apparatus (ones corresponding to the leaves 8-13 and 15 shown in FIG. 2) other than the information processing apparatus of a revoke object can decode any one of the cryptograms by means of a node key owned by itself to obtain the content key Kc. However, the information processing apparatus corresponding to the revoked (excluded) leaf 14 does not hold any of the three node keys NK2, NK6 and NK15 applied to the three cryptograms. Consequently, even if the information processing apparatus receives the cryptograms, the apparatus cannot perform the decoding processing of the cryptograms, and the apparatus cannot obtain the content key Kc.
Now, in the above-mentioned processing, the three cryptograms E(NK2, Kc), E(NK6, Kc) and E(NK15, Kc) are provided to each of the information processing apparatus, and each of the information processing apparatus which are not revoked needs to examine which cryptogram the information processing apparatus can decode, and to select the decodable cryptogram for perform decoding processing. Three cryptograms are set in the above example, but actually the number of the information processing apparatus is a huge number, and the number of the cryptograms provided to the information processing apparatus is also a huge one. Consequently, the processing of sequentially repeated execution of the decoding processing from the head of the cryptogram is a severe burden.
Namely, there is proposed a configuration for providing to each information processing apparatus a key specifying code allowing each information processing apparatus to know a cryptogram which the apparatus should select at the time of the provision of the cryptograms together with the cryptograms. The details of configuration are described in, for example, Japanese Unexamined Publication No. 2001-352322.
FIG. 3 is referred to while the configuration for providing a key specifying code to each information processing apparatus together with cryptograms is described. As shown in FIG. 3, node keys used for encryption are expressed by means of a tree structure, and the structure is coded for producing a key specifying code. Then, the produced key specifying code is transmitted in broadcast transmission together with a cryptogram block. An information processing apparatus accepts the key specifying code and analyzes the accepted key specifying code. Thereby, the information processing apparatus knows that the apparatus should decode which cryptogram by using which node key, and consequently the apparatus can efficiently perform the decoding processing.
The key specifying code is described. FIG. 3 shows an example of the transmission of three cryptograms E(NK2, Kc), E(NK6, Kc) and E(NK15, Kc) with an information processing apparatus corresponding to the leaf 14 as a revoke (exclusion) apparatus similarly to the case of FIG. 2.
First, in FIG. 3, a partial tree shown by a wide line is a tree having all of nodes 121, 122 and 123, to which node keys used for encryption are assigned, as leaves, and having a root 120 of the original tree structure as a root. The partial tree is called as a key specifying tree.
For expressing the structure of a key specifying tree by means of data, information indicating the extension of a branch from each node toward the left side thereof or a right side thereof is set.
A piece of two-bit information (key specifying information) being any one of “00”, “01”, “10” and “11” is used for the expression of the structure at each node. Namely, if a first bit (on the left side) of a piece of key specifying information attached to a certain node is “1”, the first bit indicates the extension of a branch toward the left side of the node (the existence of a child node on the left side of the key specifying tree). If the first bit is “0”, the first bit indicates no-extension of any branches toward the left side of the node (the nonexistence of any child nodes on the left side). The end (on the right side) of the key specifying information similarly indicates the information of the branch on the right side.
Namely, if the key specifying information bits at a certain node are “11”, the bits indicate that branches extend from the node toward both sides thereof. If the bits are “01”, the bits indicate the extension of a branch only toward the left side. If the bits are “10”, the bits indicate the extension of a branch toward the right side. Moreover, the bits of “00” indicate that no branches extend and the node is a leaf of the key specifying tree.
Namely, the existence of branches of a key specifying tree on the left side and on the right side of each node is indicated by a piece of two-bit information. The key specifying information bits are set as follows by setting “1” in case of existence of a branch and “0” in case of nonexistence:
Existence of Branches on Both Sides: “11”
Existence of Branch only on Left Side: “10”
Existence of Branch only on Right Side: “01”
Nonexistence of Branches on Both Sides: “00”.
A key specifying code is set by arranging the key specifying information bits from upper layers of a key specifying tree in order and from the left side to the right side in the same layer in order. In case of the configuration shown in FIG. 3, because the key specifying tree includes the nodes of Nos. 1, 2, 3, 6, 7 and 15, the data arranging the key specifying information bits of each of the nodes 1, 2, 3, 6, 7 and 15 in order, i.e. “110011000100”, is set as the key specifying code.
The above-mentioned example is an example of a binary tree configuration. However, the setting of a similar key specifying code is performed also in case of a multi-way tree configuration such as an a-way tree having an arbitrary number of sub trees (a) such as a three-way tree.
A three-way tree configuration is shown in FIG. 4 as an example of the configuration of an a-way tree. An information processing apparatus as a content using apparatus such as a receiver, a reproducer and a PC is assigned to a leaf of the three-way tree one by one. The example shown in FIG. 4 is an example having the number of sub trees a=3 and the number of the total information processing apparatus N=27.
Each information processing apparatus is denoted as uj by means of the number j of a leaf to which the information processing apparatus is assigned, where j=14, 15, . . . 40. Moreover, the following 2a−2 subsets are defined to each internal node (a node other than a leaf) k of the tree: Sk,b1b2 . . . ba, where biε{0, 1},
            ∑              i        =        1            a        ⁢                  ⁢    bi    ≠      0    ⁢                  ⁢          and        ⁢                  ⁢                  ∑                  i          =          1                a            ⁢                          ⁢      bi        ≠      a    .  
In the following, b1b2 . . . ba is referred to as B for simplifying description.
In an example of a=3, 2a−2=6, and six subsets of Sk, 100, Sk, 010, Sk, 001, Sk, 110, Sk, 101 and Sk, 001 are defined to each internal node k. Moreover, a subset S1, 111 is defined only to a root (node 1).
Each subset Sk,b1b2b3 is a set having components of information processing apparatus being the descendants of an ith child node from the left end of the child nodes of the node k. For example, in the example of FIG. 4, if two subsets among seven subsets S1, 111, S1, 100, S1, 010, S1, 001, S1, 110, S1, 101 and S1, 001 defined at a node 1 are exemplified, they are:
S1, 111={u14, u15, . . . u40}
S1, 100={u14, u15, . . . u22}
Namely, S1, 111 is a set including all leaves. S1, 100 is a set including the leaves belonging to the branch at the left end of the root node.
Moreover, if one subset among six subsets S5, 100, S5, 010, S5, 001, S5, 110, S5, 101 and S5, 001 defined for a node 5 is exemplified, the subset is S5, 101={u14, u16}. Namely, S5, 101 is a set including the leaves belonging to the branches on the left end and the right end of the node 5.
A subset key “SKk,B” is assigned to each subset Sk,B one by one. Each information processing apparatus is given a subset key of the subset to which the apparatus belongs, and secretly takes custody of the given subset key.
For example, in the example of FIG. 4, because the information processing apparatus u14 belongs 10 subsets of S1, 100, S1, 110, S1, 101, S1, 111, S2, 100, S2, 110, S2, 101, S5, 100, S5, 110 and S5, 101, the information processing apparatus u14 is given their subset keys.
Namely, the information processing apparatus u14 securely stores ten subset keys SK1, 100, SK1, 110, SK1, 101, SK1, 111, SK2, 100, SK2, 110, SK2, 101, SK5, 100, SK5, 110 and SK5, 101 corresponding to ten subsets S1, 100, S1, 110, S1, 101, S1, 111, S2, 100, S2, 110, S2, 101, S5, 100, S5, 110 and S5, 101, respectively.
FIG. 5 is referred to for a description of the information obtainable only by the information processing apparatus selected by, e.g. a content manager or the like, or, for example, a method for providing a content key, after the setting including the distribution of the subset keys to the information processing apparatus.
Now, it is supposed that information processing apparatus u27, u28, u33, u36, u37, u38, u39 and u40 (expressed by mark x in FIG. 5) are revoked among information processing apparatus u14-u40, and that information (for example, the content key Kc) is transmitted to the information processing apparatus other than the revoked information processing apparatus. In this case, if all of the branches from the leaves to which the revoked information processing apparatus are assigned to the root are deleted, one or more respectively isolated partial trees (shown by wide lines in the drawing) remain. A subset defined at the root of a partial tree corresponds to each partial tree, and a content key is enciphered by using a subset key corresponding to the subset. A cryptogram block is then configured, and the broadcast transmission of the cryptogram block is performed.
The partial trees having the configuration of FIG. 5 are, as shown in the drawing, five partial trees 131, 132, 133, 134 and 135, and the roots of these five partial trees are nodes (1, 3, 9, 11 and 12). Namely, in the example of FIG. 5, a transmitter as a provider of a content key generates a cryptogram block by applying a subset key corresponding to a subset corresponding to each partial tree defined at the root of each of these partial trees.
Namely, in the example of FIG. 5, the transmitter as the provider of the content key transmits five cryptograms of E(SK1, 100, Kc), E(SK3, 101, Kc), E(SK9, 100, Kc), E(SK11, 101, Kc) and E(SK12, 100, Kc) arranged in the order of the numbers of nodes as the cryptogram block. Only the information processing apparatus holding any one of the subset keys applied to the encryption of the five cryptogram, namely SK1, 100, SK3, 101, SK9, 100 SK11, 101 and SK12, 100, can decode the cryptogram to obtain the content key Kc.
In the example shown in FIG. 5, each of the information processing apparatus belonging to the five partial trees 131, 132, 133, 134 and 135 holds any one of the subset keys SK1, 100, SK3, 101, SK9, 100, SK11, 101 and SK12, 100, and can obtain the content key Kc consequently.
Accordingly, the following hold.
(1) the information processing apparatus u14-u22 belonging to the partial tree 131 include a subset key SK1, 100, and can decode the cryptogram E(SK1, 100, Kc) to obtain the content key Kc.
(2) The information processing apparatus u23-u25 and u29-u31 belonging to the partial tree 132 includes the subset key SK3, 101, and the information processing apparatus u23-u25 and u29-u31 can decode the cryptogram E(SK3, 101, Kc) to obtain the content key Kc.
(3) The information processing apparatus u26 belonging to the partial tree 133 includes the subset key SK9, 100, and can decode the cryptogram E(SK9, 100, Kc) to obtain the content key Kc.
(4) The information processing apparatus u32 and u34 belonging to the partial tree 134 includes the subset key SK11, 101, and can decode the cryptogram E(SK11, 101, Kc) to obtain the content key Kc.
(5) The information processing apparatus u35 belonging to the partial tree 135 includes the subset key SK12, 100, and can decode the cryptogram E(SK12, 100, Kc) to obtain the content key Kc.
On the other hand, the revoked information processing apparatus u27, u28, u33, u36, u37, u38, u39 and u40 (shown by the mark x in FIG. 5) do not have any one of the subset keys SK1, 100, SK3, 101, SK9, 100, SK11, 101 and SK12, 100, and cannot obtain the content key Kc.
Now, also in the above-mentioned processing, the non-revoked information processing apparatus need to know which cryptogram the apparatus should decode. Then, the non-revoked information processing apparatus produce a key specifying code similar to the above-mentioned binary tree configuration, and performs the broadcast transmission of the produced key specifying code together with a cryptogram block. An information processing apparatus receives the key specifying code and analyzes the code, and thereby can know which cryptogram the apparatus should decode by using which node key to perform decoding processing.
A key specifying code in a three-way tree configuration is described by referring to FIG. 6. In FIG. 6, the tree expressed by wide lines is a key specifying tree. The tree connects all of the nodes (1, 3, 9, 11 and 12) defining subsets corresponding to the subset keys used for encryption, and setting the root (1) of the original tree structure as a root. Then, the tree forms a key specifying tree.
The structure of the key specifying tree is expressed by key specifying information having six bits totally from the root. The key specifying information includes three bit information (child bits) per node indicating the existence of a branch extending to an i-th child from the left side, and three bit information (key specifying bits) indicating the kind of a subset key defined at the node if the subset key is used for encryption.
Each of the first three bits (child bits) of the key specifying information attached to a certain node indicates the extension of a branch toward a child node corresponding to the position of the bit from the node (the existence of the child node corresponding to the key specifying tree) if the bit is “1”, and indicates no extension of any branches toward the child node (the inexistence of any corresponding child nodes) if the bit is “0”.
For example:                if the information of a certain node is “111”, branches extend toward all child nodes;        if the information is “100”, a branch extends only toward the child node on the leftmost side;        if the information is “110”, branches extend toward the child nodes on the left most side and at the center; and        if the information is “000”, no branches extend, and the information indicates that the node is a leaf of the key specifying tree.        
Moreover, the three bits (key specifying bits) at the end of the key specifying information indicate which subset keys corresponding to which subsets among ones defined for the node are used for the production of cryptograms in the above-mentioned cryptogram block.
Namely, if the key specifying bit information of a certain node k is “100”, the cryptogram block includes a cryptogram to which the subset key SKk, 100 is applied. If the information is “110”, the cryptogram block includes a cryptogram to which the subset key SKk, 110 is applied. If the information is “000”, the information indicates that the cryptogram block does not use any subset keys corresponding to the subsets defined for the node.
As shown in FIG. 6, arranging six-bit pieces of key specifying information attached to each node of the key specifying tree in the order of the numbers of the nodes produces the key specifying code.
In the configuration of FIG. 6, because the key specifying tree includes the node numbered to be 1, 3, 4, 9, 11 and 12, the data made by arranging the key specifying information bits of the respective nodes in order, “011100010101110000000100000101000100”, is set as the key specifying code.
However, such a key specifying code has a fault such that the configuration bit becomes long. In the above-mentioned configuration, because the key specifying tree includes the six nodes numbered as 1, 3, 4, 9, 11 and 12, and has a piece of six-bit information to each node, then the key specifying code has 6×6=36 bits. As the number of leaves increases and the configuration of the key specifying tree becomes more complex, the key specifying code needs further much number of bits.
Namely, a configuration for reducing the amount of information of the key specifying code has bee proposed. Referring to FIG. 7, the configuration is described. The processing shown in FIG. 7 replaces the child bit of three bits of the first half in the above-mentioned six-bit key specifying code with a leaf bit c of one bit.
In each of the nodes (1, 3, 4, 9, 11, 12 and 13) in the key specifying tree shown in FIG. 7, the one-bit leaf bit c is set in place of the three-bit child bit.
If a leaf bit is “1”, the leaf bit indicates that it is a leaf of the key specifying tree.
If a leaf bit is “0”, the leaf bit indicates that it is a node other than any leaves.
In the example shown in FIG. 7, the leaf nodes in the key specifying tree are nodes (9, 11, 12 and 13), and the leaf bits of these nodes are set to be “1”. The leaf bits of the other nodes, or the nodes (1, 3 and 4), are set to be “0”.
If the leaf bit c=1, the node is a leaf of a partial tree, and no branches of the key specifying tree extend from the node. Moreover, if the leaf bit c=0, the node is not any leaves of a partial tree, and branches of the key specifying tree extend from the node. If branches extend is judged on the basis of the key specifying bit information of the three bits in the latter half. Namely, a branch extends toward a child node corresponding to a bit set as d=0 in the key specifying bit information “d, d, d”.
Under a supposition such that a leaf bit=c, and that key specifying bits=ddd, for example if the key specifying information of a certain node k is c, ddd=0, 001, the key specifying information indicates that branches extend from the node k to the child nodes on the left side and the center, and that a subset key SKk, 001 is applied for encryption. If c, ddd=0, 110, the key-specifying information indicates that a branch extends from the node k to a child node on the right side, and that a subset key SKk, 110 is applied for encryption. If the leaf bit c=1, the key specifying information indicates that no branches extend from the node k. The meaning of the subset key to be applied for encryption is the same, and the key specifying information indicates that a subset key SKk, ddd is applied for encryption.
The example shown in FIG. 7 is supposed such that the information processing apparatus u27, u28, u33, u36, u37, U38, u39 and u40 (expressed by x mark in FIG. 7) are revoked among the information processing apparatus u14-u40, and that information (for example, a content key Kc) is transmitted to the other information processing apparatus.
In this case, as shown in FIG. 7, the key specifying tree coupling the nodes to which some subsets are defined, or the nodes 1, 3, 9, 11 and 12, with the node which is not any intermediate nodes of the other similar partial trees among the nodes each being a root having the partial trees the leaves belonging to which are all revoked, namely the node 13, is set, and the leaf bit=c and the key specifying bit=ddd are set to each of the nodes (1, 3, 4, 9, 11, 12 and 13) constituting the set key specifying tree as follows.
node 1: (0, 100)
node 3: (0, 101)
node 4: (0,000)
node 9: (1, 100)
node 11: (1, 101)
node 12: (1, 100)
node 13: (1, 000)
As a result, the key specifying code is formed to be a value arranging the respective bits in order, or “0100010100001100110111001000”, which is 28 bit information.
By applying the leaf bits in such a way, the key specifying code, which has the amount of information of 36 bits in the example of applying 3 bit child bits thereto as described above with reference to FIG. 6, can be reduced up to 28 bits.
Incidentally, if there are no information processing apparatus to be revoked, a cryptogram using a subset key SK1, 111 which is held by all of the information processing apparatus is provided. The state may be expressed by setting the key specifying information of the root to be 1, 111.
Now, an attack to the broadcast encryption system is considered. For example, the following situation may be brought about. Namely, an attacker performs the reverse engineering of a certain information processing apparatus to extract subset keys included in the information processing apparatus, and furthermore the attacker produces a duplication of the information processing apparatus to use the extracted subset key in the duplicated information processing apparatus. It is a matter of course that the duplicated information processing apparatus is an information processing apparatus produced by a pirated edition trader or the like as one out of license, and there is the possibility of performing an unauthorized copy, the re-distribution of a reproduced content to the Internet, and the like, which any licensed apparatus do not perform. Next, a situation in which the duplicated information processing apparatus is dealt in a black market is considered. Moreover, a situation in which the attacker produces receiving software using the subset key and distributes the receiving software through the Internet is conceivable.
If a user can obtain a duplicated information processing apparatus, the user can specify the subset key used in the duplicated information processing apparatus by using reverse engineering or a method described in D. Naor, M. Naor and J. Lotspiech, “Revocation and Tracing Schemes for Stateless Receivers”, Advances in Cryptology-Crypto 2001, Lecture Notes in Computer Science 2139, Springer, pp. 41-62, 2001.
Here, if a subset key to a subset including only one leaf is used in a duplicated information processing apparatus, there is only one authorized information processing apparatus having the subset key. Consequently, it is sufficient to revoke the information processing apparatus after that.
However, if a duplicated information processing apparatus does not have such a subset key, and if the duplicated information processing apparatus stores only the subset key (for example, the subset key for the subset defined to an upper node of a tree) corresponding to the subset having a plurality of leaves as components to perform the processing of applying the subset key, then the subset key is one commonly stored in a plurality of information processing apparatus corresponding to a plurality of leaves. Consequently, it is impossible to specify which information processing apparatus the subset key is stolen from.
For example, in the example of FIG. 7, namely in the state in which the information processing apparatus u27, u28, u33, u36, u37, u38, u39 and u40 (denoted by the x mark in FIG. 7) are revoked among the information processing apparatus u14-u40, the following situation is supposed. Namely, an attacker performed the reverse engineering of any one of the information processing apparatus u23, u24, u25, u29, u30 and u31, which are not revoked at that time, and the subset key attached to the information processing apparatus was exposed. Then, the attacker produced a duplicated information processing apparatus using only the subset key SK3, 101 corresponding to the subset S3, 101 defined at the node 3 among them.
In this case, because the subset key SK3, 101 corresponding to the subset S3, 101 defined at the node 3 is the subset key commonly stored by any of the information processing apparatus u23, u24, u25, u29, u30 and u31, a problem of the impossibility of specifying which information processing apparatus among those information processing apparatus attacked, that is to say which information processing apparatus was used in an unauthorized way, is generated. Consequently, there is a problem in which revoke processing specifying a fraudulent information processing apparatus cannot perform.